Section 1.1.230. Security.
   A.   File Cabinet Security.
      1.   File cabinets shall remain locked at all times that the Recorder or Deputy Recorder, Financial Officer or mayor is not present.
      2.   Only the Town Recorder, Deputy Recorder, Financial Officer and Mayor will have access to the file cabinets.
   B.   Computer Security.
      1.   All information traveling over Fairfield Town computer networks that has not been specifically identified as the property of other parties will be treated as though it is a Fairfield Town asset. It is the policy of Fairfield Town to prohibit unauthorized access, disclosure, duplication, modification, diversion, destruction, loss, misuse, or theft of this information. In addition, it is the policy of Fairfield Town to protect information belonging to third parties that have been entrusted to Fairfield Town in a manner consistent with its sensitivity and in accordance with all applicable agreements.
      2.   The Mayor or Mayor’s appointee is responsible for establishing, maintaining, implementing, administering, and interpreting organization-wide information systems security policies.
      3.   The computer and communications system privileges of all users, systems, and independently operating programs such as agents, must be restricted based on the need to know. This means that privileges must not be extended unless a legitimate academic/business-oriented need for such privileges exists.
      4.   Users are responsible for complying with this and all other Fairfield Town policies defining computer and network security measures. Users also are responsible for bringing all known information security vulnerabilities and violations that they notice to the attention of the Information Technology Department or in the absence of such a department, to the Mayor and/or Town Council.
      5.   Passwords. Fairfield Town has an obligation to effectively protect intellectual property and personal and financial information. Using passwords that are difficult to guess is a key step toward effectively fulfilling that obligation.
         a.   Any password used to access information stored and/or maintained by Fairfield Town must be at least eight (8) characters long, contain at least one uppercase letter and one number or special character;
         b.   Passwords will expire annually - every 365 days. When a password expires or a change is required, users should create a new password that is not identical to the last three passwords previously employed;
         c.   Passwords stored electronically may not be stored in readable form where unauthorized persons might discover them;
         d.   Passwords may not be written down and left in a place where unauthorized persons might discover them;
         e.   Passwords may never be shared or revealed to anyone other than the authorized user or in some cases users;
         f.   If a password is suspected of being disclosed or known to have been disclosed to anyone other than authorized users, it should be changed immediately; and
         g.   Anytime an authorized user is changed or replaced a new password must be set.
   C.   Portable Computers. Employees in the possession of portable, laptop, notebook, handheld, tablet and other transportable computers containing confidential information must not leave these computers unattended at any time unless the information is stored in encrypted form. If a device is lost or stolen the responsible party must:
      1.   Report all lost or stolen devices to the Mayor immediately; and
      2.   Change all passwords immediately.
   D.   Violations. Fairfield Town network users who willingly and deliberately violate this policy will be subject to disciplinary action up to and including termination or legal action.